[Owasp-live-cd-2008-project] OWASP Summit 2008 (Portugal) outcomes

OWASP Live CD 2008 Project owasp-live-cd-2008-project at lists.owasp.org
Tue Nov 18 15:07:35 EST 2008 

Kent (and the list),

     Due to a scheduling conflict during the summit, I missed the
working group on the Winter of Code.  I'm waiting until after Thanks
Giving to see if the results are posted from that working group.  If I
don't hear by then, I'll start asking various and sundry OWASP people.

What I'm about to type is at best a guess derived from asking random
people at the summit and shouldn't be taken as OWASP gospel.  I
_believe_ that there will NOT be a WoC but instead be a "Spring of
Quality".  The purpose of the SoQ (?) will be to improve the overall
quality of existing OWASP offerings, especially to bring alpha projects
to beta and beta to release.  That is different from a XoC where new
project are generally encouraged.  I'm not clear what this means for a
"release" quality project (e.g. the Live CD).  As soon as I know more,
I'll post it to the list.  Hope that helps (some).

-- Matt Tesauro
OWASP Live CD 2008 Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
http://mtesauro.com/livecd/ - Documentation Wiki

OWASP Live CD 2008 Project wrote:
> Sounds excellent.
> 
> Will there be a WOC ? (following this FOC & SOC ?)
> 
> Kent Poots
> 
> 
> jkpoots at rogers.com
> 
> --- On *Tue, 11/18/08, OWASP Live CD 2008 Project
> /<owasp-live-cd-2008-project at lists.owasp.org>/* wrote:
> 
>     From: OWASP Live CD 2008 Project
>     <owasp-live-cd-2008-project at lists.owasp.org>
>     Subject: [Owasp-live-cd-2008-project] OWASP Summit 2008 (Portugal)
>     outcomes
>     To: owasp-live-cd-2008-project at lists.owasp.org
>     Received: Tuesday, November 18, 2008, 11:54 AM
> 
>     For those that didn't know, I attended the OWASP Summit in Portugal from
>     November 3rd to 7th.  I'm finally catching up on things now that I'm
>     back home.  Beyond presenting the Live CD Project at the summit, I
>     chaired the tools and Live CD/DVD working sessions.  The Live CD working
>     session produced several outcomes, ideas, suggestions, etc.  Here's what
>     I have from notes and my memory:
> 
>     -- The Live CD Project &
>      handling older versions --
>     * The previous version of the Live CD will be marked as
>     "archived/deprecated" with a link to the newest version (2008) added
>     to
>     its project page.
>     * A project page for the current Live CD will be created and whatever
>     the current project is will live there.  So if a SoC 2009 creates a
>     OWASP Live CD 2009, it will take the place of the SoC 2008 release.
>     * As new projects are completed, old projects will be archived.
> 
>     -- Changes/Updates to the OWASP Live CD 2008 --
>     * The menu structure is a mess (or really there is no structure)  Time
>     needs to be spent providing some sane structure to the menu items.
>       ** Organize the menu items according to phase of testing - this should
>     be based on the OWASP testing guide.  See chapter 4 in v2 of the guide
>     or see the not quite finalized v3 of the guide:
>     http://www.owasp.org/index.php/Web_Application_Penetration_Testing
>       ** For each phase of
>      testing (aka submenu) provide the following
>     categories:  Tools, Docs, Training
>       ** Training content could be tricky on a Live CD - consider providing
>     pointers to materials (esp videos) due to space limitations
>       ** Provide a "README" in the documents folder to explain the
>     purpose
>     of each of the documents so that users have some guidance.  The is
>     particularly important for the general "Documentation" menu item.
>     * Provide a "Setup Guide" for items such as wireless & networking
>     to
>     assist those not familiar with Linux.
>     * Consider starting the Live CD in a "Kiosk" mode with a highly
>     simplified interface to the tools/docs.  This would remove any confusion
>     caused by unfamiliarity with KDE/Linux.  Include an option to leave this
>     mode and go to the "full desktop"
>     * Create a tool to update the Live CD to the latest modules.  The tool
>     would also need to be smart about module dependencies.  Modules can
>      be
>     pulled via https from the Google Code repository site.
>       ** If the tool is "smart" enough, profiles could be defined for
>     collections of tools/docs.  Users could then install a profile for the
>     type of work they are going - think Java apps vs .Net apps for example.
>     * Create & document a live USB drive version.  Include persistence since
>     USB drives are writable.
>     * Create & document a virtualized version - VMware, Virtual Box and
>     qeumu are potential VM targets.
> 
>     -- Misc. Notes and Observations --
>     * The OWASP Education project could greatly benefit from coordination
>     with the OWASP Live CD project.  Initial contact has been made and
>     communication channels will continue to be open between the two projects
>     * The OWASP Education project is working on a well defined process to
>     convert Wiki content to publish-able content (PDF, etc).  This will
>     greatly aid the Live CD so that the current online
>      documentation can
>     easily be shipped with the CD.
>     * The Live CD also needs to keep in touch with the Documentation project
>      so that the latest OWASP docs are available on the Live CD.
> 
> 
>     I'll wait a couple of days and before I update the "Road Map"
>     page on
>     the documentation wiki to reflect this list.  I'm holding off to allow
>     anyone to comment on these items or provide additional suggestions. I'll
>     also work on attaching some priorities and timelines to these items
>     after the list gets finalized.
> 
>     Feedback, as always, is welcome.
> 
>     -- 
>     -- Matt Tesauro
>     OWASP Live CD 2008 Project Lead
>     http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
>     http://mtesauro.com/livecd/ - Documentation Wiki
>     _______________________________________________
>     Owasp-live-cd-2008-project mailing
>      list
>     Owasp-live-cd-2008-project at lists.owasp.org
>     https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Owasp-live-cd-2008-project mailing list
> Owasp-live-cd-2008-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project

More information about the Owasp-live-cd-2008-project mailing list